For almost three months, versions of three widely distributed open-source applications from Horde.org contained a backdoor that allowed attackers to remotely execute malicious PHP code on systems that ran the programs.

Members of the Horde Project warned of the tampering earlier this week, in a bulletin that advised users of the collaboration and messaging applications to immediately reinstall newer versions that didn't contain the malicious code. Those affected included anyone who downloaded installation packages for Horde 3.3.12, Horde Groupware 1.2.10 or Horde Groupware Webmail Edition 1.2.10 between various dates in November and February 7. Horde 4 is not affected. A module that targets the vulnerability has already been added to the Metasploit framework for hackers and penetration testers.

This has nothing to do with open or closed source. Exploits in closed source are "detected" all the time. This has more to do with the size of your development team, which directly affects the amount of peer review the code will get. You can bring in the usual preaching of "it's open so it will be reviewed" all you want; this clearly proves that people have better things to be doing than reading open source code.